
Java.exe accesses being blocked...


Stargrove


I am unsure what to think on this, but since 31-July I have been getting numerous java.exe (incoming and outgoing) blocked balloons popping up from Malwarebytes. I have scanned my computer with various programs including MB and have found nothing out of the ordinary. I have attached my logs for 8/1 through 8/4. There was an awful lot of activity for javaw.exe and mostly now java.exe to/from various IP addresses and through various ports. Any help you can provide would be appreciated.

Thanks,

James

Logs.zip


Can you get me a packet log for this please? (212.117.183.* is a root eSolutions range, and there's no legit reason Java should be connecting to or receiving connections from, anything on this range)


Can you get me a packet log for this please? (212.117.183.* is a root eSolutions range, and there's no legit reason Java should be connecting to or receiving connections from, anything on this range)

I think I have sorted it out. On your suggestion, I downloaded WireShark and did some packet captures. I got a hit on 212.117.183.170 and stopped the capture. The data it captured was unreadable. So I had an idea. I downloaded Process Explorer from Microsoft and found Java.exe in the list of running processes. I opened its processes and saw that the i2p service was using java.exe. On a suggestion from a friend of mine, I had downloaded the I2P client on the 31st of July and installed it but had not gotten around to doing anything with it. I believe that this is what was causing the odd java.exe traffic since the service keeps in contact with hosts to make the I2P network service larger. Since uninstalling I2P this afternoon I have not gotten any more hits on any IPs. I know that some of what goes on on I2P is questionable at best, and I think I know why, but I was curious as to what I2P is. I believe that this also explains why the packets were unreadable since I think I2P packets are encrypted.

Thanks for the quick reply, I will certainly be back if I see any more persistent traffic from those ranges.

James

PS: I have included the packet exchange that I did capture with Wireshark if you still want to see it.

212.117.146.190.pcap.zip

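The diagnosis above was done by hand with Process Explorer: find the java.exe process that owns the flagged connection, then look at what launched it (here, the I2P service). The following PowerShell does the same mapping from the command line. It is an added example, not code from the thread or from Malwarebytes; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated prompt so every process is visible, and the 212.117.183.* range named in the thread as the address prefix to look for.

```powershell
# Added example (not from the thread): map live TCP connections to a flagged
# address prefix back to the owning process, its parent process, and any
# Windows service hosted in that process. A java.exe owned by a service wrapper
# (as with the I2P service in the thread) shows up with the service name filled in.
function Get-FlaggedConnectionOwner {
    param(
        # Dotted prefix with trailing dot, e.g. '212.117.183.' for 212.117.183.0/24
        [Parameter(Mandatory)][string]$Prefix
    )
    Get-NetTCPConnection |
        Where-Object { $_.RemoteAddress.StartsWith($Prefix) } |
        ForEach-Object {
            $conn = $_
            # Owning process (may be $null if it exited between the two queries)
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
            $parent = if ($proc) {
                Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
            }
            # Any service running inside that PID (empty for a plain user launch)
            $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $($conn.OwningProcess)"
            [pscustomobject]@{
                LocalPort     = $conn.LocalPort
                Remote        = "$($conn.RemoteAddress):$($conn.RemotePort)"
                State         = $conn.State
                PID           = $conn.OwningProcess
                Process       = $proc.Name
                CommandLine   = $proc.CommandLine
                ParentProcess = $parent.Name
                Service       = ($svc.Name -join ',')
            }
        }
}

# Usage: the prefix below is the range named in the thread; change it as needed.
Get-FlaggedConnectionOwner -Prefix '212.117.183.' | Format-List
```

Two caveats: the command only sees connections that exist at the moment it runs, so for intermittent traffic either loop it or rely on the Malwarebytes block log for the timestamp and PID; and it lists TCP only, because UDP endpoints have no remote address to filter on (I2P uses UDP as well as TCP), so the CommandLine and Service columns are the more reliable clue to what launched java.exe.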
